Guide to Setting Up a VPN Connection over an SSH Tunnel on Debian/Ubuntu Linux

A VPN can be set up in many ways, most of which require privileged access on every host involved and the opening of a number of additional ports on any existing firewalls. This is an administrative overhead. If you can run the VPN over an SSH tunnel instead, the provisioning overhead is reduced and the connection becomes easier to set up. This tutorial shows how to set up a VPN over an SSH tunnel on Linux using sshuttle, a command-line tool available for Linux-based systems.

Originally developed as a transparent proxy server, sshuttle can also be used to create a VPN connection over an SSH tunnel. The tool needs to be installed on the local host, which is where the VPN connection is created. There is no need to install sshuttle on the remote host at the other end, or to have root access there. When the VPN connection is created, the Python code of sshuttle is uploaded automatically from the local host to the remote host, so it can run there without root access. The only requirements on the remote host are a running SSH server and an installed Python interpreter.

To start the configuration process, install sshuttle on the local Linux machine. On a Debian or Ubuntu platform, run the following command:
“$ sudo apt-get install sshuttle”

Now initiate the VPN connection with sshuttle through the SSH tunnel by running the following command:
“$ sudo sshuttle -r user@remote_host 0.0.0.0/0 --dns”
The value “0.0.0.0/0” routes all traffic through the remote host at the other end of the SSH tunnel. The “--dns” option forwards local DNS requests to the remote host.

After executing the above command, you will be prompted for the password of the remote host that you are connecting to. The prompt is displayed as:
“user@remote_host’s password: ”

Enter the SSH password for the remote host and press Enter. Once the VPN is connected through the SSH tunnel, the “Connected.” message is displayed on the screen:
“user@remote_host’s password: #####”
“Connected.”

To terminate the VPN connection over the SSH tunnel, press “Ctrl+C” in the terminal where sshuttle is running.

To route only a few selected subnets over the VPN, specify each subnet when launching sshuttle, as in the following command:
“$ sudo sshuttle -r user@remote_host 172.194.0.0/16 172.195.0.0/16”
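
To see what the subnet list in that command covers, here is an added example (not part of the original guide and not sshuttle's own code) that checks whether a destination address falls inside the routed subnets. The function names and the sample destinations are constructed for illustration.

```shell
#!/bin/sh
# Added example: which destinations would go through the tunnel for a
# given subnet list? Pure shell arithmetic, no network access needed.

# ip_to_int A.B.C.D -> prints the address as an integer; fails if malformed.
ip_to_int() (
    case "$1" in ""|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case "$o" in 0?*|????*) return 1 ;; esac   # no leading zeros (octal)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
)

# in_cidr IP NET/PREFIX -> 0 if inside, 1 if outside, 2 if input is invalid.
in_cidr() (
    net=${2%/*}; bits=${2#*/}
    case "$bits" in ""|*[!0-9]*|0?*|???*) return 2 ;; esac
    [ "$bits" -le 32 ] || return 2
    ip=$(ip_to_int "$1") && base=$(ip_to_int "$net") || return 2
    mask=$(( (4294967295 << (32 - bits)) & 4294967295 ))
    [ $(( ip & mask )) -eq $(( base & mask )) ]
)

# route_for DEST SUBNET... -> prints "tunnel" or "direct".
route_for() (
    dest=$1; shift
    for net in "$@"; do
        rc=0; in_cidr "$dest" "$net" || rc=$?
        if [ "$rc" -eq 2 ]; then echo "invalid: $dest $net" >&2; return 2; fi
        if [ "$rc" -eq 0 ]; then echo tunnel; return 0; fi
    done
    echo direct
)

# Constructed sample destinations against the two subnets used above.
for d in 172.194.10.5 172.195.255.254 172.196.0.1 8.8.8.8; do
    printf '%-16s %s\n' "$d" "$(route_for "$d" 172.194.0.0/16 172.195.0.0/16)"
done
```

Anything reported as “direct” leaves the machine over its normal route, outside the SSH tunnel. The split-tunnel command above also has no “--dns” option, so DNS requests are not forwarded to the remote host.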

With the steps above, you can easily set up a VPN connection over an SSH tunnel on a Debian/Ubuntu Linux platform.